[3.3] openvpn: remote buffer overflow (CVE-2017-12166)
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow
vulnerability when key-method 1 is used, possibly resulting in code execution.
Fixed In Version:
openvpn 2.3.18, openvpn 2.4.4
References:
http://openwall.com/lists/oss-security/2017/09/28/2
https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
(from redmine: issue id 8129, created on 2017-11-09, closed on 2017-11-23)
- Relations:
  - parent #8125 (closed)
- Changesets:
  - Revision 034e674e by Natanael Copa on 2017-11-23T09:15:22Z:
    main/openvpn: security upgrade to 2.3.18 (CVE-2017-12166)
    fixes #8129